path: root/src/conf_mode/dns_forwarding.py
Age | Commit message | Author
2020-06-11 | dns forwarding: T2486: configure vyos-hostsd | Jernej Jakob
Removes and adds all required settings.
2020-06-11 | dns forwarding: T2486: generate recursor conf files | Jernej Jakob
- generate recursor.conf, recursor.conf.lua
- if recursor.vyos-hostsd.conf.lua and recursor.forward-zones.conf don't exist, create empty ones (they are/will be generated by vyos-hostsd)
2020-06-11 | dns forwarding: T2486: add warning for no dhcp, system or static nameservers | Jernej Jakob
Add warning that forwarding will operate as a recursor in case there are no nameservers configured.
2020-06-11 | dns forwarding: T2486: change internal handling of 'dhcp' nameservers | Jernej Jakob
Remove the old solution that retrieved dhcp tagged nameservers from hostsd and added it to nameservers, as it didn't work anyway (only once during configuration but it didn't update them later). This is now handled by vyos-hostsd, just retrieve the configured interfaces and send it the list of tags to use.
2020-06-11 | dns forwarding: T2486: change internal handling of 'system' config node | Jernej Jakob
Remove manual retrieval of 'system name-server' from config and adding it to the name servers list, as this is now handled by simply adding a 'system' tag in vyos-hostsd.
2020-06-11 | dns forwarding: T2486: remove unnecessary intermediate name_servers variable | Jernej Jakob
2020-06-11 | dns forwarding: T2486: change internal representation of 'domain' config | Jernej Jakob
Change internal representation to the new one expected by vyos-hostsd.
2020-06-11 | dns forwarding: T2486: move Config() call into main | Jernej Jakob
As Config is required in both get_config and verify, init it once and pass it to both functions.
2020-06-11 | dns forwarding: T2486: remove unneeded --dhclient argument | Jernej Jakob
The functionality was moved to vyos-hostsd.
2020-06-11 | dns forwarding: T2486: add paths to files | Jernej Jakob
2020-06-11 | dns forwarding: T1595: remove references to old listen-on option | Jernej Jakob
As part of T1595 listen-on was removed and migrated to listen-address, but some references to it stayed in the variable names and validator error message.
2020-05-29 | airbag: T2088: explicit enabling of the feature | Thomas Mangin
airbag must now be explicitly installed. The patch also allows fully disabling the installation of the logging code at setup (and not just installing and doing nothing).
2020-05-17 | powerdns: T2470: adjust config file permissions for recursor 4.3 | Christian Poessinger
PowerDNS recursor 4.3 now runs as user pdns and group pdns, thus the generated configuration file and directory need to have the appropriate permissions set.
2020-04-27 | template: T2388: move mkdir/chmod/chown within render() | Thomas Mangin
2020-04-13 | dns-forwarding: T2185: move configuration files to volatile /run directory | Christian Poessinger
2020-04-13 | dns-forwarding: T2185: migrate from SysVinit to systemd | Christian Poessinger
2020-04-12 | template: T2230: use render to generate templates | Thomas Mangin
convert all calls to jinja to use template.render
2020-04-09 | util: T2226: os.system was wrongly converted to run | Thomas Mangin
os.system does print the output of the command, run() does not. A new function called call() does the printing and returns the error code.
2020-04-06 | util: T2226: convert most calls from os.system to util | Thomas Mangin
As little change as possible but the function call. The behaviour should be totally unchanged.
2020-04-05 | dns-forwarding: T2230: move inlined templates to dedicated files | Christian Poessinger
2019-08-26 | T1598: make dns_forwarding.py retrieve name servers from vyos-hostsd. | Daniil Baturin
2019-08-20 | powerdns: T1595: remove 'listen-on' CLI option | Christian Poessinger
2019-08-20 | powerdns: T1524: support setting allow-from network | Christian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer.

https://docs.powerdns.com/recursor/settings.html#allow-from

Imagine an ISP network with non RFC1918 IP addresses - they can't make use of PowerDNS recursor. As of now VyOS has allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver.

If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in:

    service {
        dns {
            forwarding {
                allow-from 0.0.0.0/0
                allow-from ::/0
                cache-size 0
                ignore-hosts-file
                listen-address 192.0.2.1
            }
        }
    }
2019-07-14 | [dns-forwarding] T1333: handle domain forward and general recursion in one configuration line | Christian Poessinger
In the past we used the PowerDNS configuration option forward-zones and forward-zones-recurse, but only the latter one sets the recursion bit in the DNS query. Thus all recursions have been moved to this config statement.
2019-07-03 | Merge pull request #78 from qiuchengxuan/current | Christian Poessinger
[pdns-recursor] T1469 - specified dns forwarding not work
2019-07-03 | T1504: wait for commit lock before trying to update resolv.conf in the out of CLI mode. | Daniil Baturin
2019-06-25 | [pdns-recursor] T1469 - specified dns forwarding not work | qiuchengxuan
when conflict exists between forward-zone-recurse entry, the lower one hides the upper one, which leads to inactive dns forwarding configuration
2019-06-22 | [pdns-recursor] T1469 - replace forward-zones with forward-zones-recurse (#75) | qiuchengxuan
forward-zones-recurse behaves identically to dnsmasq server option in legacy vyos 1.1.8, while forward-zones option disallows recursive name resolving, which leads to dns lookup failure
2019-06-04 | T1379: Deprecated functions in /sbin/dhclient-script | Kim Hagen
2019-01-12 | T1041: make upstream DNS server optional | Christian Poessinger
The name-server option under "service dns-forwarding" was never mandatory so users never needed to specify an upstream server. With the recent switch to PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when there is no upstream DNS server configured.
2018-11-08 | T978: Support PowerDNS Recursor outbound queries over IPv6. | Geoff Adams
This requires adding a query-local-address6 setting to enable outbound IPv6 queries in general, and also formatting upstream nameserver IPv6 addresses in such a way that Recursor can parse them.
2018-11-08 | T974: bugfix dns forwarder not listening on IPv6 addresses | Christian Poessinger
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable by everyone. This only covered the IPv4 address space and any IPv6 related query was not handled by the server.
2018-08-02 | T754: add DNSSEC to DNS forwarder | mb300sd
2018-05-29 | dns_forwarding.py: use a more fancy jinja2 syntax for delimiters | Christian Poessinger
2018-05-29 | T664: DNS forwarder config broken with more than 2 zones | Christian Poessinger
2018-05-24 | T128: make nonexistent listen-on interface in DNS forwarding a warning rather than an error. | Daniil Baturin
2018-05-23 | Use normal assignment by key instead of setdefault() everywhere. | Daniil Baturin
The setdefault() dict object method updates the value only if it's not already set, so it's useless for what we want to do, despite its deceptive name.
2018-05-21 | T588: Configurable Negative TTL caching in forwarder | Christian Poessinger
2018-05-20 | T560: enable non-local bind in the defaults, add 'listen-address' option, and add a deprecation warning for the listen-on option. | Daniil Baturin
2018-05-16 | conf_mode: remove generation time from config header and adjust scriptname | Christian Poessinger
2018-05-16 | T644: remove prefixing from all scripts and update environment variables with VyOS paths. | Daniil Baturin